*1 




JlASSACHUSEITS INSTITUTE OF TECHNOLOGY 

PROJECT hAC 


Artificial Intelligence Men.e. 137 


July 1967, 


PLANNER 

A Language for Proving Tbftorwre 


Carl 


Hevi 11 



2. 


SCHEMATISE 

The fftl lowinj? fs a description of SCHFMATtSE, a 
proposal for a program that proves very elementary theorems 
through the use of planning* The method is most easily 
explained through 30 example due to ftlack. 

G i yen 

tlr 
13 : 

t: 2: 
t hi 

tSi 

(p5 x 
Prove 

t5: (p5 el cJt) 

The shove problem has an interpretat Fon that makes Ft a much 
easier ope for humans. 


I ven 



tlj 

< i n 

peocl1 desk) 

12 i 

f in 

desk home) 


(pk cl cS ) 

(p 4 c 3 ck )■ 

Cp4 c2 e3J 

(fora 11 (x y) { Imp!ies (p4 & y) (x y)J) 

(fora 11 (x y z> (Implies (and (pS y z) < pk x y) ) 
z))) 




> 


3. 


t3: (In home county? 

t h: Cforall (x W ttmpltes (In x y) f eat x y)JJ 

t5: (fora II Cn y zl (Implies (and(inxy) (at y z)) 

(At x z))J 

Prove 

t6: (at pencil county) 

As far as the theorem pros/sr la concerned It is no 
easier to solve the problem given one representat1 on rather 
than the other without additional information, A human 
would much rather work with the second represents f tin since 
he has a well defined model for it* In order to make this 
paner more readable we shall work wTth the second 
representation* However* the reader should he careful to 
remember that Tn the sequel the computer program has a very 
different perspective from his own. 

First the program. connects all the theorems together 
into a net which we shall the t;heore^ p et ; * it Is understood 
that the theorem pet also reflects the structure of the 
rules a* inference (operators! of the underlying logical 
system* In the system which we shalT study the sole rule of 
Inference will be rio.d u 5 pnnens together with the 
simultaneous instantiation of any free variables with 
constants■ The theorem net for our example Is diagrammed In 
figure sfl* 






5 . 


Each box (such as the one containing theorem t2) stores the 
1 pformat ion for hlndine variables In that particular 
theorem* Without some Insight Into the problem structure 

there Ts not much that the theorem prover can do except to 

initiate a straight backwards search for the proof of the 
theorem,, Rut suppose that the theorem p rover fs more 

fortunate, ft might expect that (in pencil desk) is 

relevant to the proof of tat pencil county) since the 
constant pencil appears no where else Fn the problem. Or 

perhaps that the theorem prover Is not allowed to use 
theorem tl and asked to prove theorem tP" Instead of theorem 
tfS where 

t6 1 : (Implies (in pencil desk) (at pencil county)) 

Now the theorem prover has enough information to try to 
form a plan. Following Minsky whe shall call the statements 
(such as (in pencil desk)) that the theorem prover thinks 
am relevant to the proof l ^land^ , We define the rM.Ff.erente 
between two statements A and R to he the subgraph of the 
theorem net that can possibly c^rry A into P. fn our case 
the difference between (in pencil desk) and (at pencil 
county) Ts the whole theorem net. We might proceed to 
reduce the difference between our antecedent and consequent 
by chaining forward from our Island to try to match the 
consequent. The $ stand for constants that are presently 


unknown to us. 







Uf p 


C h # 


prc i I 


V 


&o ck w f*rd$ 
4'\o*re ^ 


c 


(of & t) 





"i 







h 


10 . 

Pushing (in nene11 desk) through tk leads us to a dead 
find. Rut pushing through t5 leads us to two 
expressions that naatrh (at pencil county). See ft gure si. 
We want to reverse the process and chain back from the 
consequent to our island. A good heuristic Is to pick the 
expression that best matches the consequent a$ the first one 
to chain back from. Tf we violate the heuristic and chain 
back from (at $ Si 1 we obtain figure s2. As the reader can 
see chaining hack from (at S $) does not take us ell the 
way hack to our island fin pencil desk). Therefore we must 
abandon the above plan* (Chaining back from (at pencil s), 
we obtain figure sJ* The theorem prover realizes that In 
order to complete the proof of (at pencil county) it must 
prove the lemma (at desk county). 

We would tike to consider the example from a slightly 
different viewpoint. Suppose that we transpose chaining 
forward from our Island and the chaining backward from the 
goal. Chaining backward from (at pencil county) we obtain a 
g.p’h t i jj.ed g qaT r rcf { (figure s 1 )). Every proof of (at 
pencil county) has a graphical homomorphic image In the 
schematised goal tree. The theorem prover can obtain alt 
proofs by grinding away Inside the schema tiled goal tree* 
Suppose that our island Is (In home county). We note that 
(In home county) matches both (in $ SI and (in % county). 
Unfortunately the plan (figure sS) generated by plugging (In 
home county) into (in $ 1) cannot bp fulfilled since (at 
county county) Is unproveaMe* Even if the theorem proyer 






















had a mode T Tt wouId he misled if the model attached the 
1 nterpretatlon true to fat county county). Plugging fin 
home county) into fin 5 county) lends to a plan {figure sf>) 

that car he fulfTiled. Mote that two applications of 

therorem t5 are needed to prove the theorem, Of course ff 
we are g i yen two T islands which are both relevant to the same 

proof we can often form a much hetter plan with both than 

with either one alone. 

Each time the theorem prover plugs an island Into a 
schematized goal tree. It should cheek to see If the 
resulting plan Is circular. Thus f Tn pencil desk) cannot be 
plugged into fin t $) in figure s7 since it forces fat t 
county) to become (at pencil county) which makes the plan 
circular* Therefore (in pencil desk) can only ho plugged 
into fin pencil $)* The resulting graph is figure sfi. 

In each casft we have Tn fact constructed a whole schema 
of plans. UI thin any one schema we can have many degrees of 
freedom. 

1* There can he more than one route from the 
islandfs> to the consequent, 

?■ * The constants represented by the I muse be 

found. 

3. Some loops in the plan can be unwound* 

F1 exibii1ity In planning is a mixed btesslng. A good deal 
of rigidity is necessary f n order to 


proceed 



straightforwardly from the plan to a rigorous proof, On the 
other hand our plans must he somewhat adaptahle so that we 
are not stymied by the first difficulty. The planning 
m&cban Fsm of fi,P.S k FI 1ustra tes the usefulness of 
controlled flexibility in planning. 

We would now like to turn to the Question of where to 
ohtatn islands for planning. One source Is pure syntactic 
analysts* The theorem prover should carefully examine the 
consequences of the expression to be proved. The 

qpnseguenccE of fchfl consequent heurFstle is try to find 
Islands among the consequences of the consequent of the 
theorem to he proved* For example In the problem to prove 
fat pencil county) suppose we had the additional theorem 

17: (implies (not (in pane FI desk)) (not (at pencil 

county))I 


UsTng the eonsequencIes of the consequent heuristic the 
theorem proven should find tha island (In pencil desk)* How 
can one transform the stick figure below into one wFth four 
squares by moving at most three sticks? 



17. 


In this case our consequence is that we have four squares* 
Rut If we are to make four squares from only twelve sticks 
then at least four sticks must each have two squares in 
common* Thus our island, is the Figure below 



Another syntactic trick Is to try to trace the constants 
hack to their source In the data base of the problem, 
Recall that tn our example that the constant pencil could 
only have come from the express I on (In pencil desk}, 
hypotheses usually make excellent candidates as islands* Of 
course, there are exceptions to the rule* For example, if 
the theorem prover were asked to prove (Implies (In home 
Texas) (at pencil county)) it would try to use (In home 
Texas) as an island only to find that (In home Texas ) Is 
actually Irrelevant. 

Models, special knowledge, and analogies are often 
sources of Islands* Suppose the theorem prover knew how to 
inscribe a circle in a given triangle. It could use an 



18 . 


analogous method to Inscribe a sphe r e In 3 Klven 
tetrahedron. Models often contain links that are useful In 
the construct Too of islands. The links make some relevant 
expressions Tn the data base of the problem more accessible 
to the theorem proven* 

Suppose the theorem proven had the following 
Infnrna tlon about cubes a, b e, and ri* 

vj: (direct1yabove d n) 

vZi ( rest f ritfon <1 c) 

v5i (restlnfton c b) 

vti: (fora 1 1 {x y) (equivalent (supporting x y 1 

(rest infirm y x) 1) 

v5i (forall (x y) (equivalent (dlerectlyabove x y} 

(rfl rect 1yhelow y x))> 

v5: (forall (x y z) (Implies (and (dlrect]yhelow y zJ 

<directiyhelow x y)) (directly below x zl >) 
v7: (forall (x y) (Implies (supporting * yj 

(direct1yhelow x y))i 

A model for the situation might look II No figure s9. 



19- 



f i j v rp S , 



2 &. 


Nearly the constant h Is nor* accessible from thp constant 
a In the model than from the theorems. thus models are 
Important in planning not only for pruninfi those express ions 
that are false in the TnterpretatEon of the model hut also 
for the connections they provide which suggest new plans* A 
nodel Keens the state of the system tn a continually updated 
canonical form. All other Information about the system is 
derived From the canonical form. 

Theorem provers should do more thinking about their 
problems before blindly beginning a huge tree search. An 
Intelligent problem solver would try to find hey nodes (such 
as (at * county) to figure sk) In the schemattied goal tree, 
of course most of oyr analysis for statements as Islands 
goes dually for theorems, Also the theorem prover should do 
a series-parallel loop analysis to get a better Idea of the 
size of the problem that It faces and to learn more about 
Its structure, t have been trying to develop a theory of 
the decomposition of planning nets analogous to the existing 
series-parallel decomposition theory for sequent la 1 
machines* Thore are clues In the difference between the 
I $land{ 5 ) and the consequent that can save the theorem 
prover a great deal of work. For example MATCHLESS can 
quitn easily be narie to find all the loop structures of the 
form of (Figure sll) in the schematised goal tree* After a 
proving a statement that satlfles A* one would often like to 
go back through thenrem tl to see If anytlng else can picked 
up almost for free* 




22 - 


The dl st i ngu I sh fng character fst ic of SCHEMATIZE is that 
th* relationship between the f slants and the statement to be 
proved Is shown. To have some Islands with no indication as 
to how they should be used $rmply limits the size of the 
tree to be searched;- the theorem prayer must stMl do 
heuristic tree searching In a stronger system such as 
SCHEMATIZE the executive of the theorem prover does not 
search the god) tree hut rather follows along a plan using 
the Indicated relations between Islands* CK course 
SCHEMATISE works only for problems with a simple logical 
structure* It can he generalTzed sllghlty to more powerful 
deductive procedures using natural deduction but the 
analysis become exremely compEice ted. Some times one can 
usefully analyze part of a more complicated problem using 
SCHEMATISE. 



HATCH LESS 


MATCHLESS is a pattern match ins program wltten in LISP. 
It is most succinctly described as a cross between SNOROL 
and CONVERT, The most Important respect In which MATCHLESS 
differs form CONVERT is that MATCHLESS doesn’t have a 
dictionary, Bindings for MATCHLESS variables are kept on 
the LISP push down list* Consequently MATCHLESS can very 
conveniently he used within LISP progs, I thrnk that Tt Is 
an important principle in language design that the user 
should be allowed to write in the level that he thinks Is 
most suitable for his task* The various levels of code 
should alt he compatible with one another so that Tt Is 
possible to use them ail in a single hprfy pf codc-i For 
example It would be useful to he able to write LAP code In 
the middle of LISP progs. Furthermore low level code should 
not have to run slower simply In order to preserve the 
ability for users to write at a higher level. 

A variable v In MATCHLESS can match three types of 
objects: 

£11 atoms (the first character of the name of v must he 

a Si. 


f 21 S-express ions fthe first character of the name of v 


must be a »1 



(3) fragments of lists C the first tha recter of the name 
of v must be an *) 

Any type of variable may he In any one of four modes: VAR 
(*nr variable), CONST (for constant), GENERIC, or CflMP (for 
computed >* The Idea for the VAR and CONST modes comes form 


SNDflOL; the 

GENERIC 

mode from 

CONVERT 

end 

AJTLF 

* The 

COMP 

mode a 1 lows 

one to 

1ntreduce 

new modes 

end 

types 

Into 

MATCHLESS, 

All of 1 

MATCHLESS 

could be 

wr1tten 

f n the 

COMP 


mode* The following atoms are given special Interpretations 
by MATCHLESS. 


(1) $ will match any atom. 

(2) = will match any £-express ion. 

(3) * will match any fragment of a list including the 
null fragment, 

Furthermore MATCHLESS has the standard Boolean Operators on 
patterns. For example if pat Is a pattern then < = NOT 1 ' pat) 
will match any s-exp ress1 on that doesn't match pat. 
Similarly = 3 nd* may be used to require that an S-expressfon 
match a number of patterns and “or= may he used to require 
that an S-express Ion match any one of a number of patterns* 
The idea for boolean operations on patterns comes Front 
CONVERT and AM&IT. 

There Is a MATCHLESS pattern associated with each 
MATCHLESS variable* The Idea of associated patterns for 
pattern variables comes from CONVERT and A*LE« Executing 



25r 


(var v w) or (generic v w) will put v In the VAR or CENTRIC 
mode respectively with the associate pattern w. A variable 
in the var or generic mode has no value; it matches 
according to rts associated pattern. When a varfable in the 
VAR mode matches Tt takes the value of the expression that 
It matches and its mode changes to CONST, A CfHFftft 
variable dTffers form a VAR variable fa that It fs not 

modified when It matches, A variable fn the CONST mode 
matches according to its value. Executing fmsetq v r) will 
put v rn the CONST mode wTth value r, The default mode Is 
VAR. with an innocuous associated pattern. 

Suppose SR, =A, and *C are all In the VAR mode. If 

MATCHLESS attempts to match the pattern O $ft A =A SR *CJ 

age fnst ( K. H5 fi A {K) H H A < L) M H I A (M3 I 5 C) then the 

variables node wiT1 be changed to CONST and they will have 
the foil owing values, 

SR: r 

■A; (M > 

*C: -B C” 

The dashes in the value of *C are meant to Indicate that the 
value of *C is a fragment of a list. 



2 $, 


"a 


planner 

SCHEMATISE can bo conceived to he search?ng through a 
planning space. Indeed any LISP program can he conceived 
as a tree searching program since the computation Ttself is 
a trap* Thus it would be useful to have a powerful tree 
searching language In which we could wrTte SCHEMATISE and 
other tree searching theorem proving procedures. PLANNER 
Ts a theorem prover which hopefully represents st IT T another 
stop toward $ueh a general tree search Ins language. PLANNER 
gets Tts name from the fact that It was originally created 
as a language In which a robot could formulate plans about 
Its posslhle actions* The theorems of PLANNER are 
executable data structures* An example of such a Lheorem Is 
TRANSITIVE (below) which expresses a necessary condition for 
a transitive relation, 

(TRANSITIVE (THPROft ^PREDICATE $X $Y SZ) 

(CONSEQUENT < *X SPREfl I CATE JZ)J 
(PROVED (TRANSITIVE SPUED)) 

(PROVEABLE (U SPRED t CATE jY)) 

(PROVEARLE ($Y SPREDI CATE SZ )1 


) > 


(FINISHED) 



"All theorems for PLANNER ore Imperatives,. Imperative 
thenrt*nu have certain advantages and dfsadvantages compared 
to declarative theorems. The cfifef advantage nf Imperative 
theorems Is that they can be extrenety powerful. Arbitrary 
USP computations are permitted In Imperative theorems. 
Thus each theorem can contain the heuristics for its own 
use. For example a theorem night recommend certain theorems 
for some suhproblem that It creates, I would be very 
grateful to any reader of this paper who sends me examples 
of types of heuristics that cannot naturally he incorporated 
Into theorems for PLANNER. 

The central function of PLANNER is thprog which is Tike 
prog except that it treats PLANNER functions In a special 
way. When a failure occurs thprng hecks up to the last 
executed PLANNER function and tries ageln on a different 
branch of the tree that Tt Is searching. Some of the 
functions of planner are 

fproveabie a switch 11stoftheerems); If the pattern a 
Is proveehle without erasing anything then execute the next 
Statement,? otherwise fail* If switch is FIRST [ONLY) then 
1Tstoftheorems are the first Coniy) theorems that will be 
used to try to chain back from a. 

[goal a switch 1 Istoftheorems )j Goal is 3ike prcveable 
except that erasures are permitted, 

[consequent al: a Is declared to be the consequent of 
the theorem, Whenever a goal [s created which matches the 



slattern a, the theorem will he used ta try to chain 
harkwards from the 50*11* 

(antecedent a): a la declared to be the antecedent of 
the theorem. Whenever a statement is asserted which matches 
the pattern a, the theorem will be used to try chain 
forwards from the statement* 

(assert a b swT tch 1 istoftheorems): Record a as proved 
with reason b» .If switch Is FIRST C 0 *? L V > then 

Ii 5 tof theorems ere the first (only) theorems that wT 11 he 
used to try to chain forward from a, 

(finished): Indicates the end of the theorem* 

(threturn a): Returns a as the value of the thpros In 
which It appears. Threturn has not yet been Implemented, 

(era&eaMe a): Record that a Is eraseable. 

(uneraseahte a); Record that a Is uneraseahle, 

(erase a switch 1 istoftheorems): If a Is eraseahle 
then erase it and the statements that depend on It; 
otherwise fall* If switch is FIR$T (-OWLV) then use 
1 rstoftheorems as the first (only) theorems to try to chain 
forward from the fact that the pattern a is being erased, 

(fall): Causes a failure* 


(thfaM)i Causes the theorem to fall. 



29 . 


■ 

(hypotheslze a); Assert a with the reason chat Ft is a 
hypothesis. 

(dIscharee): Discharge the lest made hypothesis. 

(thset a bl: Thset Ts like set except that the old 
value of a is remembered so chat Tt can he restored i n case 
of failure, 

(thrplocn a b) and (thrplacd a b); These functions are 
tike rpJaca and rplacd respectively except that the old 
value of a 1 5 remember ed so that Ft can be restored In case 
of failure* The functions thset# thrplacP# and thrplacd are 
very useful for manipulating models. 

(thgo a): Thpo is like go except that In case of 
failure control |5 returned to the place from where the 

t rSnsfe r wa 5 mada * 

The erase feature of PLANNED enables It to au f te 
easily manipulate models* The following two theorems enable 
PLANNER to bu F1 d a to^er three cubes htghi 

(TOWER (THPROft (JBL0CK1 SFILOCHJ tfILOCKJ J 
(CONSEQUENT (CAN TOWERAT I1ERE>> 

(GOAL (4RL0CK1 AT HERE LEVEL Q)} 

(UHERASEARLE fSRLDCKl AT MERE LEVEL 0)1 
(GOAL ($FJL0CK2 AT LPLACE LEVEL 1)1 
(UNERAS EAGLE C$nLOCK! AT HERE LEVEL 111 
(ROAI. (SRLOCK5 AT HERE LEVEL 2)) 



30. 


(ERASEARLE (SBIDCKZ AT HERE LEVEL Ql> 

(ERASEARLE ((RL0CK1 AT HERE LEVEL 1 >)) 

(F f HI SHERI J } 

(MOVE cthprog 

(SdLQCK tOTHERBLOCK thEWLEVEL $HFWPLACF SOLDLEVFL 
JOinPLACE) 

(CONSEOUENT (SHOCK AT SNEWPUCE LEVEL JNEWLEVEL) J 
(PROVED (HOCK $RLOCK)) 

(ERASE ((BLOCK AT SOLPPLACE LEVEL tOLOLFVELH 
(UNPROVED CtDTHERfiLOCK AT tOLhPLACE LEVEL (=EVAL* (PLUS 
iDLOLF.VEL 1))) 

(STATEFtHSHED) > ) 

(BLOCK BL0CK1) 

(BLOCK BLOCKS) 

(BLOCK BLOCKS) 

(BL0CK1 AT PI LEVEL 01 

(BL0CK2 AT PI LEVEL 11 

(BLOCKS AT P2 LEVEL 01 


The theorem HOVE has a condition that it wT I 1 not move any 
Cuhi; that has another Cube sett tOR on top of It* Professer 
Papert pointed out that one could wr i te the theorem HOVE 
different c y, instead of prnhi h (t! nft the removal of the 
cube, it could bring the cubes above the removed one 
crash I ns down I Thus we could have written 



31 , 


% 

(MOVE f TH PROG 

(S13LQCK SOTHERBLOCK SMEVILEVEL $NEWPLACE mnLEVEL 
SOLDPLACE) 

(CONSEQUENT (KRLOCK AT SNEWPLACE L1= VEU 3NEVJLEVFL)) 
(PROVED (flLOEK tBLOCKJ) 

(ERASE (tB LOCK AT fOLDPLACE LEVEL SOLDLEVELl} 

(THCONO ( (PROVED £$OTHERRLOCK AT JOLDPLACE LEVEL 
(=EVAL“ (PU?S SOLD LEVEL 1))) 

(ASSERT (FALLING tOTHEMLOCKH) 

> 

(STATEFIWISHED) } ) 

(FALL!NR (THPAQG (SRLOCK, SOTHERBLOCK, SLEVEL* EPLACE) 
(ANTECEDENT (FALLING SB LOCK)) 

(ERASE (FALLING SB LOCK)) 

(ERASE (tfl LOCK AT £ PLACE LEVEL $ LEVEL)) 

(ASSERT (SBLOCK AT SPLACE LEVEL (-EVAL- (MINUS SLEVEL 

I)))) 

(THCONP < (PROVED (SOTHE PPLOCK AT SPLAOF! LEVEL (=EVAL=- 
(PLUS 3 LEVEL 1))) 

(ASSERT (FALLING SOTHERBLOCK))) 

} 

(FINISHED) > ) 


To Form a plan 

as to 

how 

to 

hoi Id 

H 

tower does not 

comp T hp- t; ft t he j oh» 

Thp t owe r 

must 

still 

he 

constructed! One 

way Fin which that 

<nE pht 

he 

aceorop!1sh 

Ed 

Is as fol1ow ;t 

After the planning 

phase 

Ts 

comp! cited 

th£ syStErn ^hdu]d 





write nut PLANNER programs that actualTy carry net the job. 
For example the theorem TOWER above mTght create something 
like the following theorem. 

(MAKETOWER (THPRClfi C3 

(GRASPRLOCK (AT Pi LEVEL 1)3 
fwnvETfl (MERE LEVEL 03) 

(RHLEASEFUOCK) 

(CHECK (CUBE AT HERE LEVEL 0)3 
(flRASPRLOCK (AT PI LEVEL 0)) 

(MOVETO {HERE LEVEL 1)) 

(RELEASEBLQCKJ 

(CHECK {CURE AT MERE LEVEL 13) 

(GRASPBLOCK {AT P2 LEVEL D>> 

(MOVETO (HERE LEVEL 2 )) 

(RELEASES LOCK 3 

{CHECK (CURE AT HERE LEVEL 2)) 

(FINISHED) ) 3 

Of course If we wanted to build a tower ten blocks, tall 
Instead of only three, then both MAKETQWEH and tower would 
have loops In them, 

One Important problem In actually having the robot 

carry out an operation Is that of unexpected input from the 
sense organs. For example a cube might slip out of Its 
hand. At that point the robot must do some East calculation 
to determine what has happened and what it should do next. 
It would be interesting to know whether the controlled hack 



up Feature of PLANNER would help or hInder solutions to this 
prohlem, 

PLANNER can do simple proofs In a decldahle suhtheory 
of the quant If lentlonal calculus* The follow !or theorems 
enable It to prove the transitivity of set theoretic 
j nclusl on« 

{NEC fTIIPROG { SA $R > 

(THIMPLIES fTIIPROG (JX) 

{THIMPLIES {ELEMENT $X SA) 

{ELEMENT JX tH) 

) 

) 

{SUBSET SA $B> 

> J ) 

{SlipF fTHPROR {SA SR) 

(THIMPLIES {SUBSET SA SB) 

(THF&OG { SX) 

(THIMPLIES {ELEMENT SX SA> 

(ELEMENT SX tfl) 

) 

} 

{SUBSET SA $BJ 

) > ) 

Note that THPftfld serves as the universal quantifier* In our 
notation transitivity of set theoretic Inclusion is 


expressed by 



(TRANSET (THpROfi (SA $13 $C) 

(THtMFLlfiS (THAND (SUBSET SA $B) 

(SUBSET $C) 

) 

(SUBSET SA $C1 

) 

> ) 

Within the quant tf feat I one! calculits there are essentially 
two ways to prove a theorem of the form £R where x Is in 
the- VAR mode* The first method is to assume (thprojt (x) 
(thnot ER x))) and then attempt to derive a contradEctTon. 
The other method Is to derive as many consequences as 
possible from (R x)--say (R1 s), (R2 x), * + . t fRn x)-and 
then attempt to cons up an object that wM 1 satisfy the 
consequences. For example we mf#ht write the following 
theorem* to construct the midpoint of a line sepmenti 

(CONSTRUCT (TUPftOfi ($Pl 3P2 SP5) 

(CONSEQUENT £ EQUAL < f> 1 STANCE JPI $P3) £ DISTANCE $P3 

SP2))) 

(PROVED CPOINT SP1 3) 

(PROVED (POINT SP233 

(THCDMO ( (CONSTP $P3) (TKFA|L>> ) 

(MSET (QUOTE $PJ) (QUOTE (MIDPOINT $P1 3P2)}) 

(ASSERT EPOINT KP3)1 


(FINISHED) 



35. 


) ) 

(POINT A) 
tPOINT ft} 

CONSTP is a predicate which tests to see if Its armament Is 
Tn ths CONST mode- If asked to prove (EQUAL (PI STANCE A SY) 
(01 STANCE $Y ft) 5 where $Y is Tn the VAR modP t PLANNER would 
g F ve 16 y th r vp I ue (MI h PC I NT A !?) , Thee rems such as 
CONSTRUCT can cause PLANNER to go Fnto a loop If they are 
not used with care* PLANNER car do simple proofs by 
contradiction if it Is told the statement to he 
Contradicted. For example If we wanted to prove (not a) by 
contredictI on on c we could say fhypotheFse aJ fptoveable c) 
(proveable (not c}} (diseharge}, In this way we could prove 
Coot al from the theorem (imp!Fes a (not a))* Of course tn 
order to do general proofs in the quantFficatEonhT calculus 
we would have to write considerably more compTFrated 
theorems. My present goal In this area is to me k e PLANNER 
prove that the limit of the sun of two sequences is the sum 
of the limits of the sequences. 

F would like to thank Professor M Fnsky for suggesting 
that t investigate the problem of getting PLANNER to sivap 
the contents nf two machine addresses on an Ibm 7094. 
Suppose that a is in addressl, b Fs Fn address?, and 
randomness is In address?. The following theorems will swap 
the contents of address.! and address?* 



3b. 

' (SWAP (THPKOCi 

($AD01 SAT>D2 5A 6B 1ADDA tAPOft) 

(CONSEQUENT (SWAP $ADDI $ADD2)) 

(PROVED (CONTAINS $ADDI $A)> 

(Proved (contains sadds son 

(PROVED (CONTAINS SOTHFRADD = >) 

(GOAL (HOVE SADD1 SOTHERADD)> 

(PROVED (CONTAINS 1ADD15 *(J) ) 

(GOAL (HOVE SAOOfi $ADD1>) 

(PROVED (CONTAINS 1A00A $A3} 

(GOAL (HOVE SAPDA SARDS)) 

(FINISHED) 

) > ) 

(CONTAINS ADDRESS I a) 

(CONTAINS ADDRESS 2 b) 

(contains address; 0) 

(MOVE (THPROG 

(6AD01 6ADD2 SQONTENTS) 

(CONSEQUENT (MOVE JADD1 JADD2)) 

(PROVED (CONTAINS SADDI ^CONTENTS)) 

(ERASE (CONTAINS SADDZ ■)) 

(ASSERT (CONTAINS SA0D2 ^CONTENTS)) 

(FINISHED) ) ) 

If we wore to examine the protocol produced by PLANNER as Tt 
solves thf> proM ftfn, we would f 1 nd that ft kors up a couple 
of blind alleys before It finally finds the correct 



37. 


solution. We would tike to try to write theorems for 
PLANNER that would enable it to analyie simple protocols 
and try to make changes In the theorems that produced the 
protocols In order to make the solutions more 
straightforward* Thus the fourth statement of the theorem 
SWAP might he changed from (PROVED (CONTAINS $OTHERADO =)) 
TO (PROVED (CONTAINS (*AND» $0THEIRAD[> (-NOT" (=0R= SAfiDl 
$ADD2))> "))* Similarly we could try to get PLANNER to 
generalize the theorem TOWER (above) by replacing MERE 
throughout by $PLACE, Then PLANNER would be able to build a 
tower anywhere Instead of only at the place KERF* inserting 
and deleting statements from theorems are other simple 
manipulations which are feasible for PLANNER, PLANNER will 
have to do a gigantic Inefficient search In order to learn 
to do some simple class of tasks* Subsequently# It should 
be able to proceed straightforwardly for the class of 
problems, if it should hit a snag, PLANNER should attempt 
to modify the procedure that has worked In the past In order 
to get around the difficulty* Protocol analysis provides 
important clues to show where and how theorems should he 
modified* Attempting to make changes in theorems without 
the help of protocols *rom those theorems appears to he an 


untraotahle problem* It 

has 

been 

suggested 

that 

the 

protocol analyzing theorems 

be 

used 

to try 

to Improve 

themselves* Unfortunately it 

wl11 be 

quite a 

long 

t ' ms 

before bootstrapping In this 

Wrsy 

wl 1 I 

be frultfuT 

At 

the 


present time it Is necessary to write very complicated 



theorems to analyze even the most trivial protocols. 
Furthermore any increase In the power of the protocol 
analysis theorems would seem to cn U for even more complex 
tli mrsns » 

The followT np two theorems Illustrate how PLANNER eon 
he made to solve fieomotrtc analony problems such as those 
solved by Evans's program, 

(ANALOGOUSRA (THPROG ($3 $A STYPEB1 

(CONSEQUENT ( AWALDGOUSRA 4ft $A)) 

(PROVED (TYPE SB 4TYPER)) 

(PROVED (TYPE SA $TYPER !} 

(FIN fSHED) ) 1 

(ANALOGOUS AO (THPROG (SA SC $ PREDICATE *ARG5A1 *ARGSA2 
-ARC1S01 *ARGSC2) 

{CONSEQUENT (ANALOGQUSAC 4A SO)) 

(THCOND ( (PROVED (TESTANALOGCUSAC $A $C >} 

(FINISHED)) ) 

(PROVED (OBJECT 4A)} 

(PROVED (OBJECT $C}) 

(TNCOND ( (PROVED (TESTANALOGOUSAC SA (-HOT* SO >)) 
(FAIL)) ! 

(ASSERT (TESTANALOGOUSAC $A SCI! 

(PROVED (RELATION SPREDI CATE!) 

(PROVED (SPREDICATE *ARGSA1 JA *ARGSA2))J 
(PROVED (5PREDICATE *ARGSC1 SC *AR0SC2)! 



(PfcftVEARLE {CORANALOCOUSAG { *ARRSA1) (*ARGSC1))) 

(PROVEABLE fCORANALQGOUSAC (-ARGSA2) (*ARGSC2))) 

(P I WISHEG) ) ) 

(COR ANALOGOUS AC (TIIPROC ( S A *A SO *C) 

(CONSEQUENT (CORANA10G0U5AC (4A *A) < SC +CJ)> 

{THCONP ( (PROVEN (TESTANALOGOUSAC $A SC)) (THRO REST)) 

) 

[pRflVEARLE (ANALOGOUS AC $A SC)) 

REST (PROVEABI.E ("ORANALOGG(P$AC (*A) t*C)J) 

(F I HI SHED 

) ) 

(TVPF TRIANGLE) 

(TYPE RECTANGLE) 

(TYPE CIRCLE) 

[RELATION 1NSINE) 

(RELATION LEFTOF) 

(C0RJF.CT Cl) 

(TYPE Cl RECTANGLE) 

[ GGfuECT 02) 

(TYPF. C2 FLIJPSF) 

(AORJECT Al) 

(TYPF. Al TRIANGLE) 

(AORJECT A2) 

(TYPE A2 CIRCLE) 


(BCRilFCT PI) 



40, 


(type ri triangle) 

(RPRJECT 

(TYRE ?2 CIRCLE) 

{CPRANALOGOUSAC f> {)) 

(INS I PC A1 A 2 ) 

(INSIDE Cl CZ) 

(LEFTOF IU R2) 

If you ask PLANNER to prove {ANALOPOUSAC A1 where tX la 
In the VAR mode, then it will g T ve $X the value Cl- Using 
the above theorems as models the reader should Ur able to 
ytrito the other theorems necessary to solve the analogy 
h e 3 o w 





42, 


Si 


Analogy and genera I 1 gat ion play a very Important role 
in theorem proving* For example the proofs of the 
un iq-uaness of the Identity elcnwnt, the :oro element^ and 
Inverses 1 n semi -groups are closely related. The 
def[nltIons are 

(equivalent {Identity e) (fora M (a) [Implies [equal (tines 
a p) (tInes e a) a )))) 

{equ tvalent {into g} {fo ra 11 (a) (implies (equal (11 me a a 
z) ( t Imes z a } a)))) 

(implies (Identity e> (equivalent (Inverse bl b) (equal 
(times hi b ) (times b hi) e))J If wo suppose that e 1 , z f , 
and bl’ are respect 1veiy Identity* zero, and inverse 
elements then the solutions are 
(equal e (tines e' el e 1 1 
(equal z (times z' z) z 1 ) 

(equal ql (times al f a all al f ) 

Thus the general farm of the solution Is (equal w string 
w’J where string algebraloly sImnli f1 es to w and w T * It 
would be a straightforward to write theorems for PLANNER 
that would enable the program to recognize the very 
particular above kind of analogy. But this is not the way 
in which we would ultimately like to approach the problems 
of analogy and genera 1[get Ton in theorem proving. What we 
need is a way to search analogy space and generalization 
space In a manner similar to the way In which SCHEMATIZE 
searches island space for plans. A reasonable approach 

toward accomplishing this would be to construct a belrarchy 



43 , 


of theorem's around the the various predicates for types of 
analogy such as those introduced above. 

The ability of PLANNER to write theorems which it can 
later execute potentially gives ft very great powers of 
generalisation and abstraction. We do not yet know how to 
effectively utllyse this power. At present the prrndpal 
use of th T s ability has been to aid In the fmplementatIon of 
a deddable subtheory of the quant fflcati ona l calculus. 
Perhaps It will prove fruitful for planning prog rams to 
create PLANNER theorems such as MAKFTOVJER ahove fn order for 
the robot to carry out the plan. Also the ahillty to create 
programs enables the computer to put several smalt 
procedures together in order to accomplish a larger task. 
Usually some fudging Is necessary between the smaller 
procedures in order to make them work together, 

PLANNER was first developed as a simple planning 
mechanism and model manipulator for a robot* Its structure 
permits the use of macro steps In constructing plans of 
action for the robot. There might he some confusion as the 
purpose of PLANNER as a general theorem prover, PLANNER Is 
not In tender! to show that a computer theorem proven does not 
need knowledge and experti$e In the domain In which ft 
works* To the contrary PLANNER should be used as a 
meta-theorem proven with as much knowledge as possible built 
Into Its theorems* In the last decode many programmers have 
constructed heuristic tree searching problem solvers, Many 
of the the problem solvers have detailed knowledge of their 



44 , 


Intended domains fruJ1t into their strue Cue. I would like to 
i nvest i jto ta how much of the- knowledge of the pro^r^ms can he 
nstLir^lty i nr„o rpn rci tf=d Into theorems for PLANNER* 



A great dea 1 rema i ns to be done to remove some of the 
limitations associated with general theorem provers, Much 
of AUf trouble stems from the fact that we do not yet even 
have the befilrinl hjtS of a mathemat leal 1 y rigorous theory of 
tree searching* Her do we have much theoretical 

understanding of the process of proving theorems. 
Independent of more general theoretical considerations* 
genera) theorem provers have fnportant limitations relative 
to more special purpose problem solders, In any given 
problem area* PLANNER will certainly prove to he less 
efficient than a special purpose problem solver In the 
problem area for which the latter was designed. However, 
part of this Inefficiency can he avoided by writing very 
special theorems for PLANNER* Also* PLANNER will become 
much more efficient when 1 have completed a compiler for it-. 
PLANNER is sufficiently powerful that I can write the 
compiler in PLANNER and then hoot strap It. The argument of 
loss of efficiency In general theorem provers will lose much 
of its force once we have the hardware to search the 
branches of the goal tree in parallel. 

The problem of representation for theorem proving 
systems has attracted increasing attention from researchers 
in recent years. The problem has the following aspects; 



1 . input representation of problem 
2* Intsmai fepreSgntalon of problem 
3* Ab T 1 5 ty of the theorem prover to change 
representat Ion 

Inadequate ability to represent concents rvecessa ry for the 
solution of problems can severely affect the performance of 
a problem solver* For example the fixed Inflexible input 
format of ftPS-J’-f greatly limits the generality of the 
problems that It can solve* ip PLAtiNFR there Is no 
distinction hetwean Input representation and Internal 
representat Eon* Furthermore theorems for PLANNER make no 
distinction between a problem to change the represents inn of 
a problem and any other kind of problem* For example It Is 
stra Ightforwa rd to writs thenrems for PLANNER which v/llt 
enable it to recogn I xe that the genes tic-tac-toe, number 
scrabble* and jam are isomorphic, The chief difficulty with 
the theorems to recognize the isomorphism Is that they are 
applicable only to this very specific problem, whet we need 
to do is to write a system of theorems that can recognlie 
Isomorphism within a very wide class of games. 

Almost alt the problems that have been solved by 
genera! theorem prnvpfs thus far have been rather trivial. 
The chief reason for this has been that heretofore enough 
core storage to attempt more ambitious problems has not been 
available* Thus tha following Question hes arisen; Can the 
techniques which heve been developed to handle toy problems 
be extended and generalized? i think thet we will see the 



47, 


H 

i fc 

question answer fid Fn the af f r rmat 1 ve In the neat few years 
as more core memory becomes avail ah Is to users , t am 

presentty wnrkinfi on two problems to show bow theorems for 

■ 

PLANNER can solve harder problems. The first problem Is to 
write SCHEMATISE in PLANNER, The second is to write 
theorems wh[oh solve the problem of how to put Soma Cubes 
together to make fairly arbitrary block figures* floth 
problems require a large number of theorems arranged In 
interlocking hierarchies, Hopefully, this work will 

eVeptua !Iy hepnme part Of a thesis* 



PI PI. TO Cl Ft A PHY 


Slack, F„, 1964. A Hft'jUJC.llyt; fHtCStJpJ Answer lee System , 
d nc t «ri r a 1 d I £ 5 p r t a 11 o n , Mar va r d 6 n 1 vc* r £ 1 t y ^ f! a nb r i d f.f* i Ha 5 s ^ 
Christensen, 1061k. AMBIT; a .Program! na L^npua^ e 

lo£ Algehr laic S vrthol Ugn t.PJ'1 g.UflQ, AFCRL-G4-9 OR, 

Cohen, K., and We^steln J,, 1965. AXLE: An A«TcxnatTc 


Language far String Trans format Ions, Conmunleat 1 ens n£ the 
Assnr i at Ton for Conlput inr. Mfuh i nerv , Novenher, 191} 5. 

Felflenhfiun, E. A., and FnMman, iK (eels.), LOOT, 
Connnters an^ Thought , Mew York , M. Y. r : Mefiraw-H 111 . 


f e n 1che1, 


R,, and rinses, J>, 1066, A Njbvj Vers for q£ 


f.Tfi S I. I S P .. Artificial Intelligence Mpmo 


Hessachuset ts 


Institute of Technology (Project MAO, CanhrMgp, Mess* 

fliiziwn, A. and McIntosh/ H. v., Convert, C omnun 1 cat ion s 
of the Assoc I a ton for Commit 1 nr H flfiM n^ ry\. August, 5.^66. 

Kalenlch, W, A + fed,}, 1966. I nf.ormnt ion F ES£ e £ £ 1 n j* 
19 0 5. leternatTona 1 Federation for Information Process i or. 


New York CTty, Washington l>,H,i Spartan, 


McCarthy, J. 19F9. Programs wit-H coorion sense, 

Proceed [ ojrs of the Symons fun on Meehan 1 sa l for nf Thotrcht 
Prorpsses , Metionnl Physical Laboratory, Teddi njvton, 
Fntlrinrl, London: u , M fc stationery office, pp, 75- Ri*. 

f'nOrthy, d., 4 l£ 19fiS + L.I5J* l Prop r a ny# r \& 

tlajUJili, Conh r I dge, Mass. 




M. I.,, 




Steps toward arttflcfal 


Mirisky, 


fntetli*encn, m and. Thought , pp. Mttfi-^5n. 


A., *nd Ernst, fi,, 196!> t The search for 
jvoor ra li ty, in I n f o r^in t I p p P_r 0£ifeS-5 [ ee 1 3 G ^ , pp, I7-Zti + 

Newell, A + , Shaw, J + C ■, and St non, H, t\ ff 1 n f5 FI. Report 


nn a tenoral profilera-sol v inj? prnpran, Priced ! r ms of t; hq 
I ntornat tonal fjmfiL££ll££ OH Info mat i on Process 1 . p n r!s: 

UNESCO Mem s n, pp„ 256-2(1 it. 

single, 'I ., 1965. F Kpn r 1 non 15 with a deduottve 

finest.Son-answeriPR program, fionpunic.ittons .o.f the Assp cl nton 
f pj : f onnut \ n e ti.ichinpi-v . !>pCfinbf*r, 8:7flZ’79B. 



50 , 


Sept, 1967 


The Phf lc&Ophy of the System 

SCHEMATISE was designed and MATCHLESS was p ro g r ■arm-fi'd In 
the fall tann or 15B6-L967, SCHEMATISE Is Intended tn 
prov fcJfi global methods for the computer to use to prove 
thnorens 1 it logic systems of a very simple type. One I dea 
Is to use Invariants of the theorem net To order to more 
quickly find proofs. For example one invariant of a theorem 
net Is its pi ac e h nl der ;oa 1 tree . Let (n prod) be the nth 
place holder of the predicate prod. The place holder goa1 
tree for the predicate at In the theorem net In the first 
chapter Ts shown in the figure below. The advantage of 
using Invariants of the theorem net for this purpose is that 
aithough they can he used In many prob lens they only have to 
computed once for each theorem net* 

Another .global method Trs SCHEMATISE Is the use of 
schematized goal trees* The philosophy hehfrd tin? idea of 
schematized goal trees is very simple* Vie Interpret 
subgraphs of the theorem net as subtheories. Quotient 
graphs ar-e syntactic planning theories. The space used by 
In which connectives are left out of propositional 
formulas Is an example of a syntactic panning theory. 
Homnmorphlsms from nne space into another are interpreted at 
analogies he tween theories. Thus there is alv.'iiys an analogy 
between a theory and one of Its syntactic planning theories. 





52 * 


A ErivFal kind of honnriorph 1 sn fs cixf^pl If led by the 
symmetry of v^rlablfi recoin I red by Gel on tor's geometry 
theorem nr over, These homomorph E sms are trfvfel because 
they man predtcates Identically onto themselves* Also the 
use of these honomorph T sms is covered hy a constructive 
nets theorem. A motatheorem is Interpreted as a theorem 
about certain classes of theorem nets* Constructive 
met a theorems represent the best of all possible ror Ids for 
the theorem prover, Metatheorems save the theorem prover 
the work of do!ns basically the same kind of proof over end- 
time Tt comes to a problem for vrhich It has a relevant 
flietatheorem, l.'orkl nr tn s theory over the theorem nets 
tthat is metatheoretl cal 1 y ) f the theorem prover can obtain 
insights and results that vjou 1 d otherwise he impossible, A 
more hi teres tEng example of a homomorphT sm Is Riven hy the 
analogous proofs by d iatonal Elation of the incompleteness 
theorem ami of the existence of nonrecurs Eve predicates. 
Suppose there is a homomorphFsm hi from theorem net T1 into 
theorem net T2 and a homomorphism h2 from theorem net T2 
into theorem net T3, nne cart sometimes obtain a proof of a 
prnposItFnn Q in TJ by first obtaining a schematised proof 


Hi In Tl, extending bl(Pl) 

tOi FS 

p r^nf 

F>2 Fn 

T2, and 

then 

finally extend For h2fp2) tt 

\ h p 

fi proqf 

of Q. 

Thus we 

hove 


an eleneritary theory of Multi-pass theorem provers* It Fs 
also useful to look at tin? homomorphic images fo the given 
then-ren net since they Induce ouptients back qn the given 


space. 



53 r 


PLANNER Is designed to bo an extendab le flflXil'lfi 
system For nan ! pu 1 at inp on Internal model of a dynamic 
world. In Its world arbitrary objects tan ti* created and 
destroyed at will* The world of PLANNER contrasts strongly 
with the static world nf the client 1 f I cat Iona 1 calculus. En 
nr dor to obtain greater f 1 ex Ib111 Ity and HoneralPty* PLANNER 
does hot maintain a rl^fd barHar between the Imperatives 
(theorems) that take some action [n its world and 
complicated dec la rat I ves (theorems) that state some fact 
about its world. PLANNER often uses the same S-expresslon 
os on imperative and as a declarative depending on the 
content* There 3s an analogous situation In matlimcmat 1 cs 
where the quant IFicat Iona 1 col cuius (a theory of 
Heel nrat Ives ) Is strops enough to represent the recursive 
functions (the tmperatIves). Furthermore one enn regard a 
wff In the quant I f lost ional calculus with free variables as 
a predicate. Assume that for each procedure P we hove a 
declarative D (colled the ]ntertIon of P) that says how P Is 
intended to be used. Now D does nnt determine P. IF there 
fs one way to realize a p Iven Intention then there are 
Infinitely many ways to rent 1 20 it. Also It ney happen than 
an Intention cannot be realized at oil. Tor example the 
following intention Is realized by no proc* 3 rSurf 1 F solvei-i 

th* h^ItEnp problem* Us Inn intentions the theeram proven 
can proceed to d^buR ^ procedure P as follows: fI ^en en 
ar^umert a such that P(a) violates Its Intention check the 
subprocoduros of P to see if any of them violated their 



5b . 


Intention while p£a) was belnp. computed. If so then proceed 
to ft nd the bug In the sub -1 procedure nf P. If not then 
there Is a hup* in P, Check the Intentions of the statements 
nf P to find the statement of P whose Intention was 
viol a ted* r or example In the problem to exchange the 
contents of two locations the Intent Ton that fOTHERAPD fce 
different from both JADni and S^DI12 was violated* As 
i f 1 us t mted by the example of building a tower, the standard 
way in which PLANNER trys tc find a procedure which 
satisfies a given Intention Is to first figure ouL an 
algorithm which satisfies the intention and then write a 
procedure which u$e$ the algorithm. fiyen the knowledge of 
hoiv tn cause on Imperative to act, PLANNER can sometimes 
find out what the Imperative n aa n_s , For example In Possrr 1 s 
axiom system fnr the propositional calculus the mean I rtf; of 
the general procedure by which ymt can obtain a proof of 
(Implies ah) from the proof of b starting from a Is the 
Deduction Theorem for Rosser's axl oma t Izat Ion* Conversely 
we can try to analyze how a theorem can he applied* 
Classical theorem provers keep their declarative knowledge 
rigid!]y separated from their imperative knowledge, 

F-'row the point of vieiu of program graphs, there are 
essentially two kinds of heuristics In PLANNER, theorems. 
The first kind (called selectors ) choose which branch of the 
prohlem tree to search next. The second hind (called 
rejecto rs 1 determine when to stop working on a branch of the 
problem tree* At a high level selectors should u£e 




55. 


planning, analofjtes, and links In models to help make 
plausible choices. Rejecters can try to prove the notation 
of a proposed goal or try to find a counterexanple to It. 
One to overriding; cons I derations of efficiency, a practical 
theorem prover must be as close to a decision procedure as 
possible, Rejectors end selectors supplement each other, 
for example In elementary plane geometry, counteresamples 
from d t acrams make such a good rejection heur1st[c that very 
Rood selectors are not needed. On the other hand since 
Samuels's checker player can choose the correct nove at eael 
ply over half the tine. It is less dependent on Its static 
evaluator as a rejector. One can view rejectors as special 
cases of selectors In which tha null choirp Is made. 

PLANNER has many of the features that are desfreaMe 
for ti language In which to wr 1 La a dona 1 n 1 ntlpnender.t 

:: 1 n n n e r for proving theorems , A do-m-aln 1 nda pendent planner 

Is a program that operates l>y accepting as Input knowledge 
of a domain !> (Including hotfr declaratives and f nporat I ves) 
and a theorem t In the dona In P and outputting a plan for 
the proof of T, The Justification for a domain independent 
planner Is the thesis that there Is a large body of 

techniques and strategies common to natlienat leal domains 
such as IorTc, algebra, set theory, and analysis. The 
ultimate goal Is for a domain Independent planner to he able 
to read a book written In a formal language nn some 

mathemat f cel dona in Q and then be able to constuct plans for 
tl>e proof of theorems In D. Admittedly it is not an easy 



task to construct a domain 1 ndependent. planner foe ev?n a 


trivial class of Homs]ns. Up to the present time the 
pattern of research in artificial Intel licence has been to 
construct rro^rans that stra Inhtfonvardly search £oal trees 
a t the 1 eve 1 of the c I ven ax fon 5 and ru 1 ps of, 1 nf ere neg of 
some specialized domain. Although the previous work has 
made valuable contributions, it Hops not automat tea]1y 
produce a domain independent pTanner. There are many 
drffI colt problems in the rout truetton of a domain 
independent planner that have not arisen in the work on 
specialized dona Ins, Thus work on domain Independent 
planner Fins its own independent ri;-ht to existence as a 
problem lh artificial intellEsenes. 

In a limited sense PLANNER Is "aware 1 ' of what it Is 


dofri£ when Ft is trying to prove some result since each 
theorem has complete access to tie submoals and procedures 


that are telnjt used to try to obtain the result, for It to 


be "eware" of what ft Is dulpy. ip a deeper sense, PLANNER 


must he able to easily translate from intentions tn 
p r o c ed urns wfr Ech realize those intentions n h ri fr om 


procedures to tbe meaning of tknSe procedures. 


I o 


particular It must be able tn do SO for the Intentions and 


procedures that constitute the theorem prover, 





ictdui 4.T- i%? (Xt&p /?6p) 

g*'] AM. $ 


PLANNER Is a language for proving theorems and 
manipulating models* It can prove theorems in a typed 
second order quantif Icationat calculus sv11h erasing. The 
declarative-imperative duality of its theory Is basic to 
understanding how the language works. The language Itself 
is domain Independent* We may think of the language as 
divided into two parts: bookeepfng and default conditions. 

Tile default conditions constitute the domain 
independent knowledge of the theorem prover, Suppose the 
goal of the theorem prover Is to prove (implies a b). In ft 
default condition PLANNER will usually assume a and try to 
prove h* ff that doesn't work,- then it will usually assume 
(not bl and try to prove {not a)* The default conditions 
allow PLANNER to do a reasonable amount of search. Thus 
tile default conditions would not assume (not (implies a b)> 
and attempt to derive a con trad Iction* Of course this does 
not mean that we connot do resolution in PLANNER. It stmply 
will not he done by default* Another example of a default 
condition is that (not (not cj) simplifies tn c. The last 
example Is interesting because It points out an interesting 
parallel between theorem proving and algebraic manipulation. 
The two fields face similar problems on th« issues of 
simplification, equivalence of expressions, Entermed Tate 
express I tin bulge, and man-machine interaction. Of course In 




any particular case, the theorems need not allow PLAWfJFn to 
lapse Into Its default cond1t\ons * 

All domain dependent knowldege is contained In the 
theorems (Imperative and declarative). The theorems can do 
arbitrary amounts of computation* They have the full 
recursive power of PLANNER available to help them with their 
problems* For example an assertion can recommend theorems 
to be used to attempt to draw conclusions from what Is 
asserted* Messages can he sent to lower level theorems to 

1 . ' ■ * .e i i i 

try to net them to produce bettor answers to soma Question 
that a higher level theorem Is ashing* Consider the 
following functions, 

(defprop among 
(thlambda (1) (thprog (J 

start fthcond £ trtul 1 1) (fa|1})} 1 

(setq 1 (edr TJ) 

(fa I Ip (fall to start!) 

{threturn (oar ?)) >) expr) 

(defprop foo (thlambda (b al fthcond 

£(greaterp a b) a) 

£ t (fail)))) 

expr ) 


Thus the value 

of Cfoo 5 (among (quote 

(2 k 6)))) Is 6* 

1 f 

the predicate 

fflilp detects a failure 

then 11 

executes 

r ts 

argument* The 

func tion f a 11 to causes 

fa 11ufe 

to the 

tag 



which Is Et& argument* The function among successIveT y 
takes on the elements of Tts argument 1? I* a. 2 then 4 then 
fj t Clearly the computation would be faster If foo were to 
assert that "among” should produce a value greater than 5 
and "among" were to take this advice. It will souieHraes 
happen that the heuristics for a problem are very good and 
that the proof proceeds smoothly until almost the very end. 
At that point the program gets stuck and lapses Into default 

I, I <* I " * « ™ * B 

conditions to try to push through the proof, On the other 
hand the program might grope for a while trying to get 
started and than latch onto a theorem that knows how to 
polish off the problem In a length Iy but fool proof 
toraputatlon* PLANNER Ts designed for use where one has a 
great number of procedures (theorems) that might he of use 

in solving some problem along with a general plan for the 

. 

solution of the prohlem* The language helps to select 
procedures to refine the plan and to sequence through these 
procedures in a flexible way In case everything doesn't go 
exactly according to the plan. The present default 
conditions can and will bo extended hut 1 don't think that 
by themselves they will ever be able to prove deep 
mathematical theorems* Nor do t believe that computers can 
solve difficult problems where their domaIn dependent 
knowledge is limited to a finite-state difference table of 
connections between goals and methods* 

A straight forward compilation of programs written In 
PLANNED produces very Inefficient code* For the language to 



GO 


practical, the compiler must be able to cut corner s while at 
the same time product hr: correct code. Thus the compiler 
should he ah 1e to prove that in each case ft has indeed 
compiled a program correctly* McCarthy and bTs students 
have used the alternative approach of trying, to prove the 
compiler correct once and! for a|l + The TtAhp! Ell compiler 
should be extendable in that it should accept new heuristics 
at any time and that programs to be compiled should be albe 
to make recommendsttons as to how they should be compiled. 
Thus we are lad to consider tlie equivalence problem for 
prpgrammi np; languages. in the following the s-express Ions 
enclosed in <> are first order intentions. Intentions are 
defined to be predicates that should he true when control 
passes through them. Variables that begin with a single lf < M 
are first order intention variables. Intentions are allowed 
to reference hut not to modify program variables. For 
example the following programs are all equivalent. 

(defprop factl 

(lambda (n> (cond ({lessp n 1> 1) 

(t (<t (lambda (<b>J (equal <b> (factorial 

nm> 

(times n (factl Csubl 

expr) 

(lap factla subr) 

(<block> (< <n> < addr 1)]) 


(push p 1) 



travel 2 (quote 1)) 

(tall 2 {function *less)) 

(jumpe 1 a) 

(mcvei 1 (quota 1)1 
(jrst n b) 
a 

(move 1 Op) 1 

(eaH I (function subl)) 

(Call 1 (function factlaj) 

(<( equal (addr 1) (factorial (subl <n5)))>) 

(move 2 0 p) 

(call 2 (function "times}) 
b 

(stib p (| 0 0 1 1) > 

) 

(popj p) 

O 

tn Faetla (addr 1) 1 s the address of accumula tor 1 and 
<block> declares the Intention variable <n> to he equal to 
(addr I?- 

(defprop fact? 

(lambda (n) (<block> (<<b> n)} (prog (a) 

{< (advice (prooftype of (equal a (factorial <h>)} Is 
numerical -inductIon on n from Q to Infinity}}?) 


(setc a 1) 



afiflin Cconrf ((lessp n 1) 

equal a (factorial (return a}))? 

( sctq a (t irons rt a)) 

(setq n (suhl n>) 

(j;o again) >33 expr > 

Clap fact2a subr) 

£<block> ((<n> (addr 1 (<p> (addr p))) 

(push p ( !; 0 0 (quote 1))) 

(push p 1J 
a 

(rnoveT 2 (quote I)> 

(move 1 0 p> 

(call 2 £funct f on * less >) 

(jumps lb) 

(rnpve 1 “1 p) 

£<(eauai taddr 1) (factorial <n>H>} 

(Jrst 0 c) 
b 

(move 2 “-1 p) 

(move 1 0 p) 

(call 2 (function *tiroes)J 
(mover* 1 -“1 p) 

(nwve 1 0 p) 

(call 1 (function suhl)) 

(mevem 1 f] p> 

(jrst 0 a) 



c 


C?3 

(sub p {% 0 0 2 Z>) 

(<£eq <p> £addr p)>) 

a 

£<£no-sTde-effect£)>) 

£ <(no-freo-var1eb1 eft } > ) 

) 

(popj p5 

£5 

The function (block'* declares that tlte [ritent Ion van!aMe 
<b> should have Che value of n and returns Its second 
argument as value. 

Cdeflnitlen £ Iff (equal ffactJ n) a) 

£or (and (lessp n 1) (equal a 1J 3 

(and (not (lessp n I>1 (equal a (times n (fact3 
(SUb1 nj))>))))> 

(defprop fact4 

(lambda (n) (pros (a h] 

(setq a 1) 

£eond ((lessp n 1) (return a))) 

(soto h- 1) 

again £cond ((equal h n} 

(return a)) 

i 

(setq b (addl b)J 
(setq a (times b a)) 



Cgo again) 


)J expr) 

Fat cl and foci 2 are schema11 cal 1y equivalent to each 
other, ( *q. they are equivalent solely on the basis of the 
meaning of the LISP logical primitives. Proving that fact>+ 
Is equivalent to the others Is slightly nontrivial since It 
Involves the associativity and commutativity of 
multiplication* The quantity Included In the <> Is the 
intention for that niece of code- The first s-express 1 on In 
the <> Ts the intention before the function Is entered; the 
second. If present, is the i intention for the value. 'ote 
chat in this connection that It is convenient to treat the 
quantl f 1 eatEona l calculus as a prograrvel ng language* 

The Intentions of a program are useful for a variety of 
purposes* included In the protocols of a function, they 

provide valuable Information on how to combine tine protocols 

1 

in functional abstraction* They are very useful In 
attempting tu provE chat a function satisfies Its overall 
intention or to prove that two functions are equivalent. If 
PLANNED constructs a function ivhich supposedly builds 
towers, it needs to be able to prove that Che towers that 
the function con construct ore alt stable, Without out any 
ultimate loss in efficiency, a function can be ruh In a 
debugging itode In which the processor checks the in, Cent Tons 
of the function os It executes the function to make sure 
that they ore satisfied. At the present time computers are 
much worse than ms theme t id -ins at proving that two programs 



art* cqu E v j lent* Eyeh I f computers were to greatly I improve, 
there are grave difficulties in using then as a practical 
solution tu the debugging problwi, it Es dffficult to fEml 
reasonable Intentions that adequately charac ter I ze the 
output in terms of the input for many funet Tons (for example 
system programs and very highly recursive programs). 
Nevertheless.* work on this approach to debugging problem is 
independently Valuable, It increases the power of the 
computer to prove facts about functions, Only experience 
can teach us how severe the practical difficulties are 
toward this approach to the debugging problem* 



